Get IT! – Computer Mark talks Tech


I was reading up on Linux log file rotation today and thought I might share a little info on my findings with my Ubuntu friends. As we all know, the log files are the best place to look first when something doesn’t work. You’re probably also familiar with the default location of the log files in /var/log. You should also recognize that a periodic review of your logs is the single best method to catch hacking attempts and security breaches.

This link provides a good short initial view for Windows users on how the log file rotation is configured and executed.

I look at my system logs once a day with a morning email from logwatch. Logwatch runs as a cron job every morning at 6:25 and provides me with a daily summary of activity from the previous day’s log files. I receive one email from each machine in my administration mailbox and spend a minute looking at each report for anomalous service usage. I typically see network probing summarized for the UFW firewall packets, DNS queries, failed and successful SSH connections, Postfix and Dovecot traffic, and Apache web server traffic. I would encourage you all to install logwatch and take a periodic look at the summary.

sudo apt-get install logwatch

The logwatch email address can be defined by:

sudo nano /usr/share/logwatch/default.conf/logwatch.conf
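
An alternative that survives package upgrades, shown as an added example that is not part of the original post: logwatch reads /etc/logwatch/conf/logwatch.conf after the packaged defaults, so the address can be set there instead. The address admin@example.com and the two function names are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed values: admin@example.com is a placeholder address; the paths are
# logwatch's standard locations on Debian/Ubuntu.

DEFAULT_CONF=/usr/share/logwatch/default.conf/logwatch.conf
LOCAL_DIR=/etc/logwatch/conf

# Write a local override file. Files under /usr/share belong to the package
# and are replaced on upgrade; settings in $LOCAL_DIR are read after them.
write_override() {
    dir=$1 mailto=$2
    # Accept only address-like input so a stray newline or '=' cannot
    # smuggle extra settings into the config file.
    case $mailto in
        ""|*[!A-Za-z0-9@._+-]*) echo "refusing address: $mailto" >&2; return 1 ;;
        *?@?*) ;;
        *) echo "refusing address: $mailto" >&2; return 1 ;;
    esac
    mkdir -p "$dir" || return 1
    cat > "$dir/logwatch.conf" <<EOF
# Local logwatch overrides
MailTo = $mailto
Range = yesterday
Detail = Low
Output = mail
EOF
    chmod 644 "$dir/logwatch.conf"
}

# Print the MailTo value that wins when the given files are read in order
# (the last assignment wins). Missing files are skipped.
effective_mailto() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk -F= '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^[ \t]*mailto[ \t]*$/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); found = v
        }
        END { print found }'
}

# Typical use (the real paths need root):
#   write_override "$LOCAL_DIR" admin@example.com
#   effective_mailto "$DEFAULT_CONF" "$LOCAL_DIR/logwatch.conf"
#   logwatch --output stdout --range yesterday --detail low   # preview, no mail
```

Running the preview command first shows the same report on the terminal, which separates "logwatch produces a report" from "the mail system delivers it" when a summary fails to arrive.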

Happy Logging!

If you need help getting the logwatch summary to your mailbox please ask and I’ll gladly assist.